Horrendous Attack!

Ray, re Norton (or any of the others).  Be sure you download updates frequently.  Norton usually has fixes on Wednesday, but sooner if needed.  Live Update is wonderful!  Way back when all this security stuff started, I don't think it was even a feature.

ArdraF
 
Ardra, thanks, and right on! I run Live Update every morning. Most of the time, there's nothing there - but that's fine, too!  ;D

McAfee,  on my new computer, was set to run every day, when I got it.

So, recently, a very nasty virus got through. Still, pretty good odds. And, Dani did click on the warning window without reading it carefully. Not a good idea, but not all that stupid, either.

She did learn a lesson. She also lost some confidence in her warning systems. I think that "hacker" is a particularly virulent burden on society and would relish the opportunity to correct that problem. (Where's the sinister smiley?) Problem is, they are like snakes. Get rid of one, another moves in.  :mad:

Ray D  ;D

 
Well, I read an article on this type of attack, and apparently it was widespread and took security firms completely off guard.

http://www.wired.com/techbiz/media/news/2007/11/doubleclick

From what I understand, clicking "accept" or "cancel" only leads to more prompts and warnings, a modern type of "mousetrapping."  The only way out of it would be to open up the Task Manager and shut down the processes and browser manually.

Blame DoubleClick

Ray, not all hackers are bad.  As a matter of fact, most are on the good side.  The only way to defend against a hacker is to learn to think like a hacker.  Many "hackers" are gainfully employed in helping businesses and individuals solve security deficiencies in systems.  Typically, among the tech crowd, malicious hackers are known as "crackers."  (Not the racial pejorative, but nonetheless disliked.)  Crackers are usually also employed for their art, though it is usually aimed at scamming money out of the infected person's computer, or collecting advertising royalties from depositing monitoring malware on computers.
 
Will, your link was right on. That's the outfit I found myself up against when Dani was attacked. Except that they didn't - and probably can't show the screen Dani got.  :-\

I did know that there are "good" hackers. Prefer to think of them as just honest "experts." Didn't know the "cracker" expression.

The malicious crowd, I simply don't understand. Never have, since long before computers. They are just thugs in the dark alleys of the www, morally bankrupt, never having experienced a sense of integrity. To unleash such a revolting attack, knowing full well that they prey only upon the weakest, the least sophisticated, is beyond my understanding. Where is the gain, the pride, the sense of accomplishment, in that? I am at a loss.

I'll let it go at that, before I reveal the depths of my true disgust, for that part of humanity.  ::)

Pardon the vulgarity, please.  :-\

Ray D  ;D
 
ATTACKED AGAIN!!!

This message is about our response, and whether it was effective - how it worked. Some of our experts will jump in here, and offer critiques, I hope.

An hour or so ago, Dani called me, quite terrified, to come help. When I got there, I saw some of the same stuff as the original stuff that started this thread. The really ugly stuff wasn't there, yet, but there were three warning windows open that were obviously fraudulent. They warned that she needed to download protective/corrective programs.

This attack came on the older MPC desktop. (Dani's laptop has not been recovered, yet.)

She had, first, gotten a warning that her computer was under attack, and recognizing it as similar to the previous attack, had mistakenly clicked the red X in the upper right hand corner of the pop-up window, to get rid of it. This brought on the additional windows, with further warnings. At that point, she called me into the room.

Not sure, as to what was safe to click, I attempted to close IE, by clicking the red X in the upper right corner of the IE browser. That was not effective, and the browser continued to run. (I made three or four attempts at that.)

For the record, Norton had a fourth window open, in the lower right hand corner. I read their warning and elected not to close Norton. Neither did I trust them to solve the problem, so I did nothing with the Norton window. Now, I don't remember what the Norton window said, other than informing me that there was a problem. I am pretty sure it thought it could handle it. I just wanted to play ultra safe, and close everything down. Wish I could remember what that window said to do - but, I can't.

I considered the power button, but opted for the "Task Manager," via Control/Alt/Delete. There, I killed IE, first try. Then, I shut down and rebooted, normally.

Upon start up, I ran Spybot Search and Destroy and then a Norton Scan. Spybot found two things it wanted to get rid of, and I approved. Norton scan produced nothing more - clean slate. I rebooted, again and then opened IE. Found nothing that concerned me, and it seemed to run, normally.

Spybot has repeatedly wanted to delete "Double Click." and that program has shown up, repeatedly in this fiasco. It was, also, mentioned above in a previous post.

I think, (but do not know) that Double Click is a click tracking cookie used by many websites - including legitimate websites. However, it has had an association with problems, repeatedly, in my past computer experience.

In addition to other implied questions in this post, I ask this specific question: Can I block Double Click? If they are honest, they are at best, not careful. I'd like to have them gone. Can I do that? If so, then how? What is the price I pay? (Will I be denied access to most - or any - ordinary websites?) How likely is it that Double Click is that careless - or reckless - uncaring - irresponsible?

This is "For What It's Worth," and thanks to any one who responds.

Ray D  :-\
 
In addition to other implied questions in this post, I ask this specific question: Can I block Double Click? If they are honest, they are at best, not careful. I'd like to have them gone. Can I do that? If so, then how? What is the price I pay? (Will I be denied access to most - or any - ordinary websites?)

I've been using a Hosts File for a couple of years, and it gets rid of Doubleclick's nonsense.  And about 99% of the rest of advertising on the web.

The Host file is loaded when you start your browser.  If a URL is listed in the Host file, the browser uses the address in the Host file to find it, instead of looking for the address on the web.  The Host file simply substitutes 127.0.0.1, which points back to your machine, instead of the true web address.

It doesn't seem to materially affect my web browsing - other than getting rid of the advertising. 
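
An added example (not part of the post above) of how hosts-file blocking behaves: it parses a constructed sample hosts file and reports which names are redirected to the local machine. The sample entries, including `foo.doubleclick.net` in the test, and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample hosts file (not taken from the thread).
SAMPLE_HOSTS = """\
# Windows keeps this file at C:\\Windows\\System32\\drivers\\etc\\hosts
127.0.0.1   localhost
127.0.0.1   ad.doubleclick.net doubleclick.net   # two names on one line
0.0.0.0     ads.example.test
192.0.2.10  intranet.example.test   # ordinary mapping, not a block
not-an-ip   broken.example.test
"""

def parse_hosts(text):
    """Return {hostname: ip} for every valid line; the first entry for a name wins."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # malformed line: skipped
        for name in fields[1:]:
            table.setdefault(name.lower().rstrip("."), ip)
    return table

def is_blocked(table, hostname):
    """True when the exact name maps to loopback (127.0.0.1) or 0.0.0.0."""
    ip = table.get(hostname.lower().rstrip("."))
    return ip is not None and (ip.is_loopback or ip.is_unspecified)

def blocked_names(table):
    """Every sinkholed name except the standard localhost entry."""
    return sorted(n for n in table if n != "localhost" and is_blocked(table, n))

if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    print("blocked:", blocked_names(hosts))
    # Hosts entries match exact names only: a subdomain that is not
    # listed is still resolved normally through DNS.
    print("foo.doubleclick.net blocked?", is_blocked(hosts, "foo.doubleclick.net"))
```

Because matching is by exact name, a blocking hosts file has to list every ad hostname individually, which is why published block lists run to thousands of lines.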
 
You did right.  Shutting down IE in the Program Manager is the only real way around this.

DoubleClick is a minuscule security issue.  It is little more than a tracking cookie used by a company to analyze user statistics.  It is used by many legitimate companies and shows up by just visiting their web pages.  Not a real threat, just an annoyance to those of us adamantly opposed to contributing to statistics.

Make sure to "Update" Spybot with the newest definitions, and use the "Immunize" to help prevent future problems.
 
Just for the record - Credit Where Credit is Due  - I knew about Task Manager for shutting down programs that had stalled. But, for shutting down malicious program traps, I learned that on this forum - in this thread. My Thanks to the folks who steered me this way. It was just plain neat, to see that shut down IE, and the rest of the BS, when nothing else would.

This ole dog learned a new trick, here!

Thanks again!  ;D

Ray D  ;D
 
Just a word of caution - Be careful when terminating programs using the Task Manager. You will usually get a warning message that "Any new data may be lost" or words to that effect. It's best to wait until the program finishes normally than taking the "End Program Now" option. Also, stay away from terminating processes listed under the "Processes" heading unless you are quite familiar with the process being shut down, and understand what will happen when you do. Many of them are system functions, and can cause a lot of headaches if shut down manually.  Svchost.exe, Taskmgr.exe, Spoolsv.exe and Services.exe are some examples of tasks you don't want to mess with.
 
Will said:
In the future, Ray, might I suggest running one of the alternative browsers out there.  Firefox and Opera are much less prone to suffering attacks, and Netscape and Safari are good as well.  Ask any security professional what browser to use, and they'll generally give the nod to anything other than Internet Explorer.  It's just too buggy.

If you are unable to get Windows back onto your computer, I might also suggest one of several free versions of Linux that work quite well and aren't much of a stretch from Windows - which would at least help get you back into business.
gOS is included in Walmart's new $200 desktop and has been getting rave reviews for its simplicity.
Xandros is preinstalled on the new Asus Eee $300 Laptop and is also well reviewed for its extreme similarities to Windows XP.
These OSs can be downloaded legally for free from their websites and burned to a CD, but if you're looking for a new computer, the ones listed above are well reviewed and cheap.


100% agreement

#1 Never, ever, run Windows Explorer. If nothing else it's because, since it has the largest market share, it is the main vector for attacks. Go for Firefox or Opera.
#2 Think about trying a new OS at least for your surfing expeditions. Linux is as easy, if not easier, to use as Windows. It's truly free. And if you want you can have a machine that goes 'both ways' (when you boot it asks you which OS you wish to run)

Most people I understand are afraid of trying to change to a new OS. But if your machine is already hosed (you're going for the restore disk, about to buy a new one...) why not give it a shot. It's got all the same things, you click on an icon and a program starts.

If you use your computer for the normal everyday stuff (i.e. not running Autocad or some other mega application) you will find Linux will do everything you need. And more since you can get a ton of freeware apps that do things you'd never even thought of.

 
I gotta ask.

What picture did you see that started this whole mess? Can you describe it, delicately?

ME
 
Tom said:
I assume you meant Internet Explorer.

Whoops. I keep doing that.

Windows names everything Explorer.  :)

There is a windows explorer (explorer.exe) it's the graphical system. I keep having to start it manually on our lab computers so it sorta stuck in my head.

Mea Culpa
 
LOL, I know what you mean. Didn't intend to 'jump on your message' but, since I use Windows Explorer a lot, it got my attention when I read your #1  ;D
 
CujoQuarrel asks,
What picture did you see that started this whole mess? Can you describe it, delicately?

Not really, but I'll do the best I can.

Dani had tried to click out of the mess, never having experienced anything like that, before. She uses her computer for communication - E-Mail - mutual assistance groups - some writing. She is no computer expert, barely beginner computer literate. (She has had computers for 7 or 8 years.)

By the time I got there, there were several warning pop-ups on the screen, of the type we have seen, already, on this thread.

Her peaceful background screen was gone. (Pretty picture of her two service dogs.) In its place was a blood red screen. Her program icons had all turned shades of red. There were four additional icons, referring to programs that purportedly could rescue her computer from the chaos. Those icons had shields and Medieval weapons, displayed.

The center of the screen featured a large caricatured, four sided medieval type blade. Across the screen, there was a film strip, parading from right to left. Each frame of the strip showed a different, vividly active, pornographic clip, as it moved. Remember, all of this was in shades of red.

Dani is a service related disabled vet, EMT, following the OK City Murrah Bldg Bombing. That on screen scene, threw her into a flashback, to a stairwell she worked in, in the rescue attempt, she had participated in, there. There was water mixed with blood, from injuries and the sprinkler system, cascading down the stairs, at that location. (Referred to as "a river of blood.") One glance at the screen was all it took, for me to know what had happened in this hacker attack. The thug had found a very vulnerable victim.

Never mind the damage he did to her computer. I wish he could see the damage he did to the person. Actually, that type of person would probably relish that. Then, I'd like to have some "man to man" serious communication. (Dream on, Ray!)

I have no idea how someone could reason that from that screen, one could encourage victims to find help, in their programs. I have no idea what the hacker/developer meant to accomplish. Defeats me.

Sorry, not capable of describing it "delicately."
 
I can not agree with the Never ever use I.E.  Sorry but IMHO the best defense against attack is just plain ole common sense when surfing the Internet.  I would be more concerned having Norton or Mcafee on my system for protection.
 
Ron, can you elaborate on "plain ole common sense?"

Apply it to a person who has no electronic education, and doesn't actually know what's special about "digital." Say, someone who only uses E-Mail to communicate with friends. Someone who participates in "on-line" self help groups - (similar to RV Forum, in intent) - shares photos and grandchildren stories, and occasionally orders something from WallMart.com. Someone who has to ask her husband where to plug in the USB cable, and which one, and when. That would be helpful, to me, in understanding "common sense."  I could put it to good use.

Also, it would be of help to understand the benefit to uninstalling Norton, from her computer. I'd like to understand how, in what way, that would help her.

Ray D  ;D
 
Well, considering the format of this attack, the type of "common sense" to protect against this type of attack is not so common.  Most people have never seen the Task Manager, let alone know how to use it.  This type of attack uses banner ads placed on LEGITIMATE web sites by marketing agencies who sell ad space.  You could pick this up by viewing ANY of the web sites you view every day.  This is why the problem is so widespread.  It then runs a flash script that exploits a well-known, but as of yet unfixed, vulnerability in Internet Explorer.  I guarantee you that the Firefox developers have already released some type of patch for Firefox and Netscape to prevent similar attacks.

Internet Explorer is a poor choice for a browser because of Microsoft's poor attention to security vulnerability, combined with its extremely high profile, making it an easy target for crackers.

The article posted above shows that even Mac users were minimally affected, but were protected out of simply not being in the target of the attack.

The trouble with the "common sense" security is that it is more akin to living in blissful denial.  ALL computers connected to the internet are potential targets for hackers, and any one of them at any time could be infected.  The majority of computers I see in use by individuals have been infected by more than one virus and spyware program before they even take notice.  Case in point: I reformatted my hard-drive a year ago.  Reinstalled Windows, and the first and only thing I did with it was go to AVG's secure website to download a new copy of the antivirus.  I did nothing else while the program downloaded.  In 3 minutes, the file had downloaded, but I was unable to install it as my machine was already infected with a virus.  3 Minutes is all it took for a fresh machine to be infected, and I had done NOTHING online.

Norton, while bloated and busy, is better than nothing at all.  I prefer AVG, it works well enough and is free.  You still need anti-spyware and a firewall too.  You just can't go without these things these days.  Even these things, though, will not fully protect your computer like avoiding being a part of the target audience, being the 85% of computer users who use Internet Explorer exclusively.
 